<?php
/***************************************************************************
 *                                actions.php
 *                            -------------------
 *   begin                : Friday, July 27, 2012
 *   copyright            : (C) 2011 The Wordpress
 *   email                : linux_of_king@yahoo.com
 ***************************************************************************/
header("Cache-Control: no-cache");
header("Pragma: nocache");

$wp_include = "../wp-load.php";
$i = 0;
while (!file_exists($wp_include) && $i++ < 10) {
	$wp_include = "../$wp_include";
}
require($wp_include);

if ( !is_user_logged_in() || !current_user_can('edit_posts') ) 
	wp_die("You are not allowed to be here");

$url	= $_POST['url'];
$tmp	= explode(',', $url);
$mode	= $tmp[0];	

//
// Start of program proper
//
if ( isset($mode) )
{
	global $wpdb, $table_prefix, $current_user;
	switch( $mode )
	{
		case 'change_Status':
			$idDiv	= $tmp[1];
			$ID		= $tmp[2];
			$status	= $tmp[3];
			$tbl	= $tmp[4];
			$fid	= $tmp[5];
			$field	= $tmp[6];
			if( $status ) {
				$status = 0;
				echo '<a href="javascript:;" onclick="changeStatus(\''. $idDiv .'\', '. $ID .', '. $status .', \''. $tbl .'\', \''. $fid .'\', \''. $field .'\');"><img src="'. TEMPLATE_URL .'/images/icon_disable.gif" alt="" /></a>';
				
			} else {
				$status = 1;
				echo '<a href="javascript:;" onclick="changeStatus(\''. $idDiv .'\', '. $ID .', '. $status .', \''. $tbl .'\', \''. $fid .'\', \''. $field .'\');"><img src="'. TEMPLATE_URL .'/images/icon_enable.gif" alt="" /></a>';
			}
			$wpdb->query("UPDATE {$table_prefix}". $tbl ." SET ". $field ."='". $status ."' WHERE ". $fid ."='". $ID ."'");
			break;
		
		case 'change_Top':
			//global $post;
			//$custom = get_post_custom($post->ID);
			//$top = $tmp[2];
			if( !$tmp[2] ) {
				update_post_meta($tmp[1], '_cpt_top_tour', 1);
				echo '<a href="javascript:;" onclick="changeTop('. $tmp[1] .', 1)"><img src="'. TEMPLATE_URL .'/images/icon_enable.gif" alt="" /></a>';
			} else {
				delete_post_meta($tmp[1], '_cpt_top_tour');
				echo '<a href="javascript:;" onclick="changeTop('. $tmp[1] .', 0)"><img src="'. TEMPLATE_URL .'/images/icon_disable.gif" alt="" /></a>';
			}
			break;
		
		case 'insert_Group':
		case 'update_Group':
		case 'delete_Group':
		case 'cancel_Group':
			$gType = $tmp[1];
			if( $mode == 'insert_Group' ) {
				$wpdb->query("INSERT INTO {$table_prefix}price_group(group_name, group_type) 
							  VALUES ('". str_replace('^plus', '+', $tmp[2]) ."', $gType)");
				$groupID = $wpdb->insert_id;
			}
			elseif( $mode == 'update_Group' ) {
				$groupID = $tmp[2];
				$wpdb->query("UPDATE {$table_prefix}price_group SET group_name='". str_replace('^plus', '+', $tmp[3]) ."' WHERE group_id='". $groupID ."'");
			}
			elseif( $mode == 'delete_Group' ) {
				$wpdb->query("DELETE FROM {$table_prefix}price_group WHERE group_id='". $tmp[2] ."'");
			}
			?><span id="slcContent">
            <select id="group">
			<?php
            $mysql = $wpdb->get_results("SELECT * FROM {$table_prefix}price_group WHERE group_type=". $gType ." ORDER BY group_name ASC;");
            foreach ( $mysql as $groups ) {
                echo '<option value="'. $groups->group_id .'"'. (($groups->group_id == $groupID) ? ' selected' : '') .'>'. $groups->group_name .'</option>';
            }
            ?></select></span>
            <input type="button" value="Insert" class="button" onclick="addGroup(<?php echo $gType; ?>);" style="font-weight:bold;" />
            <input type="button" value="Edit" class="button" onclick="editGroup(<?php echo $gType; ?>);" style="font-weight:bold;" />
            <input type="button" value="Delete" class="button" onclick="deleteGroup(<?php echo $gType; ?>);" />
            <?php
			break;
		
		case 'insert_Season':
			$i = $tmp[1];
			$postID	= $tmp[2];
			$seName	= str_replace(array('^phay', '^va'), array(',', '&amp;'), $tmp[3]); 
			$seText	= str_replace(array('^phay', '^va'), array(',', '&amp;'), $tmp[4]); 
			$dataType = $tmp[6];

			$wpdb->query("INSERT INTO {$table_prefix}price_season(post_id, season_name, season_info, season_type) 
						  VALUES (". $postID .", '". $seName ."', '". $seText ."', ". $dataType .")");
			$seasonID = $wpdb->insert_id;
			?>
            <table width="100%" cellspacing="1" cellpadding="4" border="1" class="tblSeason">
                <tr align="center">
                    <th width="37px">Status</th>
                    <th width="33px">Order</th>
                    <th>Season Name</th>
                    <th width="21px">Edit</th>
                    <th width="36px">Delete</th></tr>
            	<tr align="center">
                    <td width="37px"><div id="seaStatus_<?php echo $seasonID; ?>">
                    	<a href="javascript:;" onclick="changeStatus('seaStatus_<?php echo $seasonID; ?>', <?php echo $seasonID; ?>, 1, 'price_season');"><img src="<?php echo TEMPLATE_URL; ?>/images/icon_enable.gif" alt="" /></a></div>
                    </td>
                    <td width="33px" class="item order_<?php echo $seasonID; ?>">0</td>
                    <td class="item name_<?php echo $seasonID; ?>"><?php echo $seName; ?></td>
                    <td width="21px" class="edit_<?php echo $seasonID; ?>"><a href="javascript:;" onclick="editSeason(<?php echo $seasonID; ?>);"><img src="<?php echo TEMPLATE_URL; ?>/images/icon_edit.gif" alt="" /></a></td>
                    <td width="36px"><a href="javascript:;" onclick="deleteSeason('<?php echo $tmp[5]; ?>', <?php echo $seasonID; ?>);"><img src="<?php echo TEMPLATE_URL; ?>/images/icon_delete.gif" alt="" /></a></td></tr>
            </table>
            <textarea id="info_<?php echo $seasonID; ?>" style="width:100%; height:80px; display:none;"><?php echo $seText; ?></textarea></div>
            <input type="text" id="className_<?php echo $seasonID; ?>" style="width:150px; margin:0;" />
            <input type="button" value="Insert new class" class="button" onclick="addClass(<?php echo $seasonID; ?>, 'new', <?php echo $postID; ?>, <?php echo $dataType; ?>)" style="font-weight:bold;" />
            <input type="hidden" id="numClass_<?php echo $seasonID; ?>" value="0" />
            <table width="100%" cellspacing="1" cellpadding="4" border="1" class="tblPrice" id="tblPrice_<?php echo $seasonID; ?>">
                <tr><th width="37px">Status</th>
                    <th width="33px">Order</th>
                    <th>Class Name</th>
                    <th width="63px" nowrap="nowrap">Extra Price</th>
                    <th width="21px">Edit</th>
                    <th width="36px">Delete</th>
                </tr>
                <tr class="class_<?php echo $seasonID; ?>_1" align="center"></tr>
			</table>
            <hr class="hrPrice" />
            <?php
			break;
		case 'save_Season': //order, name, info
			$wpdb->query("UPDATE {$table_prefix}price_season SET season_name='". str_replace(array('^phay', '^va'), array(',', '&amp;'), $tmp[3]) ."', season_info='". str_replace(array('^phay', '^va'), array(',', '&amp;'), $tmp[4]) ."', season_order='". intval($tmp[2]) ."' WHERE season_id='". $tmp[1] ."'");
			break;
		case 'delete_Season':
			$mysql = $wpdb->get_results("SELECT class_id, post_id FROM {$table_prefix}price_class WHERE season_id=". $tmp[1]);
			foreach ( $mysql as $classes ) {
				$wpdb->query("DELETE FROM {$table_prefix}price WHERE class_id='". $classes->class_id ."'");
			}
			$wpdb->query("DELETE FROM {$table_prefix}price_class WHERE season_id='". $tmp[1] ."'");
			$wpdb->query("DELETE FROM {$table_prefix}price_season WHERE season_id='". $tmp[1] ."'");
			break;
		
		case 'save_Class': 
			if( $tmp[5] == 'new' ) {
				$seasonID	= $tmp[1];
				$postID		= $tmp[6];
				$wpdb->query("INSERT INTO {$table_prefix}price_class(post_id, season_id, class_name, class_order, class_extra, class_type) 
						  VALUES (". $postID .", ". $seasonID .", '". str_replace(array('^phay', '^va'), array(',', '&amp;'), $tmp[3]) ."', '". $tmp[2] ."', '". $tmp[4] ."', ". $tmp[8] .")");
				echo $wpdb->insert_id;
			} else {
				$classID = $tmp[1];
				$wpdb->query("UPDATE {$table_prefix}price_class SET class_name='". str_replace(array('^phay', '^va'), array(',', '&amp;'), $tmp[3]) ."', class_order='". $tmp[2] ."', class_extra='". $tmp[4] ."' WHERE class_id='". $classID ."'");
				echo $classID;
			}
			break;
		case 'delete_Class':
			$wpdb->query("DELETE FROM {$table_prefix}price WHERE class_id='". $tmp[1] ."'");
			$wpdb->query("DELETE FROM {$table_prefix}price_class WHERE class_id='". $tmp[1] ."'");
			break;
		
		case 'load_GroupPrice':
			echo '<select id="'. $tmp[2] .'" style="width:80px;">';
			$sql_Group = $wpdb->get_results("SELECT * FROM {$table_prefix}price_group WHERE group_type=1 ORDER BY group_name ASC;");
			foreach ( $sql_Group as $sqlGroup ) {
				echo '<option value="'. $sqlGroup->group_id .'"'. (($sqlGroup->group_id == $tmp[1]) ? ' selected' : '') .'>'. $sqlGroup->group_name .'</option>';
			}
			echo '</select>';
			break;
		case 'save_Price':
			if( $tmp[5] == 'new' ) {
				$classID = $tmp[1];
				$wpdb->query("INSERT INTO {$table_prefix}price(class_id, group_id, price_contract, price_public) 
						  VALUES (". $classID .", '". $tmp[2] ."', '". $tmp[3] ."', '". $tmp[4] ."')");
				echo $wpdb->insert_id;
			} else {
				$priceID = $tmp[1];
				$wpdb->query("UPDATE {$table_prefix}price SET group_id='". $tmp[2] ."', price_contract='". $tmp[3] ."', price_public='". intval($tmp[4]) ."' WHERE price_id='". $priceID ."'");
				echo $priceID;
			}
			break;
		case 'delete_Price':
			if( $tmp[1] )
				$wpdb->query("DELETE FROM {$table_prefix}price WHERE price_id=". $tmp[1]);
			break;
		
		case 'insert_Slider':
			$wpdb->query("INSERT INTO {$table_prefix}advertising(adv_Position) VALUES (". $_POST['key'] .");");
			echo $wpdb->insert_id;
			break;
		case 'delete_Slider':
			$wpdb->query("DELETE FROM {$table_prefix}advertising WHERE adv_ID=". $_POST['ID']);
			break;
		case 'save_Slider':
			$wpdb->query("UPDATE {$table_prefix}advertising 
				SET ". (($_POST['key'] == 1) ? "adv_Title='". $_POST['name'] ."'" : "adv_Value='". $_POST['img'] ."'") .", adv_Href='". $_POST['href'] ."' WHERE adv_ID=". $_POST['ID']);
			break;
	}
}
exit(0);
function Random_Number_Generator() {
	$allowed_characters = array(1,2,3,4,5,6,7,8,9,0); 
	for($i = 1;$i <= 8; $i++){ 
		$value .= $allowed_characters[rand(0, count($allowed_characters) - 1)]; 
	} 
	return $value;
}
?>
